9 Replies Latest reply on Feb 2, 2012 11:43 AM by Andy McBride

    Can't get Netflow data into NTA on my Windows 7 workstation

    mattisk

      Hello, I have been trying to get my netflow data into my Solorwinds NTA. Wireshark sees it coming into my PC and the NTA app says it is discarding because it is an unmanaged devices. I clicked on the link to manage it, and that worked, but it is still not showing up in the web console. I have 2055 for the port and and using NF version 5 as the export. The ip flow export source statement references the interface that was unmanaged, so the NTA app is seeing it. SHould I reboot my PC ?

        • Re: Can't get Netflow data into NTA on my Windows 7 workstation
          Andy McBride

          NTA is not really a desktop application. Are you using it this way for testing? Make sure you are managing the exporting interface from the device.

            • Re: Can't get Netflow data into NTA on my Windows 7 workstation
              mattisk

              Well I made some progress and it appears that the Netflow analyzer within Solarwinds is seeing the Netflow data, but, it is not displaying it because it says it is on a unmonitored port. I setup the port as per the instruction to be 2055, and I see that is what the application is expecting. Can anyone tell me is this is just a bug - and how I could get around it.

                • Re: Can't get Netflow data into NTA on my Windows 7 workstation
                  Andy McBride

                  It sounds like the "Unmanaged Interface" error. Have you made sure that the interface on the exporter is the same device interface used by NPM for managing the device?

                  Also these docs may be heplful.

                  http://www.solarwinds.com/documentation/Netflow/docs/NetFlowTroubleshooting.pdf

                  New to Networking Volume 3 - NetFlow Basics and Deployment Strategies

                   

                  Andy

                    • Re: Can't get Netflow data into NTA on my Windows 7 workstation
                      mattisk

                      When I run a wireshark trace, I see the Netflow data coming in on the correct port, this is what is in the packet. Any thoughts as to why I am not getting this into Solarwinds?

                      No.     Time        Source                Destination           Protocol Length Info
                           44 13.283001   107.1.85.66           107.1.86.5            CFLOW    690    total: 13 (v5) flows

                      Frame 44: 690 bytes on wire (5520 bits), 690 bytes captured (5520 bits)
                      Ethernet II, Src: Cisco_35:13:81 (f8:66:f2:35:13:81), Dst: CompalIn_b0:57:9f (70:5a:b6:b0:57:9f)
                      Internet Protocol Version 4, Src: 107.1.85.66 (107.1.85.66), Dst: 107.1.86.5 (107.1.86.5)
                      User Datagram Protocol, Src Port: 62242 (62242), Dst Port: iop (2055)
                          Source port: 62242 (62242)
                          Destination port: iop (2055)
                          Length: 656
                          Checksum: 0x0b9a [validation disabled]
                      Cisco NetFlow/IPFIX
                          Version: 5
                          Count: 13
                          SysUptime: 605613372
                          Timestamp: Jan 31, 2012 12:30:55.771337674 Eastern Standard Time
                          FlowSequence: 241539
                          EngineType: RP (0)
                          EngineId: 0
                          00.. .... .... .... = SamplingMode: No sampling mode configured (0)
                          ..00 0000 0000 0000 = SampleRate: 0
                          pdu 1/13
                              SrcAddr: 193.208.3.155 (193.208.3.155)
                              DstAddr: 107.1.86.83 (107.1.86.83)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 6.976000000 seconds]
                              SrcPort: 1848
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 193.208.3.155/32)
                              DstMask: 0 (prefix: 107.1.86.83/32)
                              padding
                          pdu 2/13
                              SrcAddr: 216.93.184.136 (216.93.184.136)
                              DstAddr: 107.1.86.77 (107.1.86.77)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 2
                              Octets: 80
                              [Duration: 4.000000000 seconds]
                              SrcPort: 53
                              DstPort: 1024
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 216.93.184.136/32)
                              DstMask: 0 (prefix: 107.1.86.77/32)
                              padding
                          pdu 3/13
                              SrcAddr: 195.249.21.238 (195.249.21.238)
                              DstAddr: 107.1.86.73 (107.1.86.73)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 7.000000000 seconds]
                              SrcPort: 1445
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 195.249.21.238/32)
                              DstMask: 0 (prefix: 107.1.86.73/32)
                              padding
                          pdu 4/13
                              SrcAddr: 93.91.237.89 (93.91.237.89)
                              DstAddr: 107.1.86.114 (107.1.86.114)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 6.948000000 seconds]
                              SrcPort: 3754
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 93.91.237.89/32)
                              DstMask: 0 (prefix: 107.1.86.114/32)
                              padding
                          pdu 5/13
                              SrcAddr: 95.28.201.135 (95.28.201.135)
                              DstAddr: 107.1.86.89 (107.1.86.89)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 6.948000000 seconds]
                              SrcPort: 11209
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 95.28.201.135/32)
                              DstMask: 0 (prefix: 107.1.86.89/32)
                              padding
                          pdu 6/13
                              SrcAddr: 200.187.151.163 (200.187.151.163)
                              DstAddr: 107.1.86.71 (107.1.86.71)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 7.048000000 seconds]
                              SrcPort: 2056
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 200.187.151.163/32)
                              DstMask: 0 (prefix: 107.1.86.71/32)
                              padding
                          pdu 7/13
                              SrcAddr: 216.93.184.136 (216.93.184.136)
                              DstAddr: 107.1.86.112 (107.1.86.112)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 2
                              Octets: 80
                              [Duration: 4.000000000 seconds]
                              SrcPort: 53
                              DstPort: 3072
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 216.93.184.136/32)
                              DstMask: 0 (prefix: 107.1.86.112/32)
                              padding
                          pdu 8/13
                              SrcAddr: 121.14.69.249 (121.14.69.249)
                              DstAddr: 107.1.86.108 (107.1.86.108)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 2
                              Octets: 80
                              [Duration: 4.000000000 seconds]
                              SrcPort: 80
                              DstPort: 16469
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 121.14.69.249/32)
                              DstMask: 0 (prefix: 107.1.86.108/32)
                              padding
                          pdu 9/13
                              SrcAddr: 64.19.34.227 (64.19.34.227)
                              DstAddr: 107.1.86.35 (107.1.86.35)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 6.856000000 seconds]
                              SrcPort: 39298
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 64.19.34.227/32)
                              DstMask: 0 (prefix: 107.1.86.35/32)
                              padding
                          pdu 10/13
                              SrcAddr: 201.29.95.231 (201.29.95.231)
                              DstAddr: 107.1.86.26 (107.1.86.26)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 4
                              Octets: 192
                              [Duration: 7.012000000 seconds]
                              SrcPort: 2773
                              DstPort: 445
                              padding
                              TCP Flags: 0x02
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 201.29.95.231/32)
                              DstMask: 0 (prefix: 107.1.86.26/32)
                              padding
                          pdu 11/13
                              SrcAddr: 116.49.235.100 (116.49.235.100)
                              DstAddr: 107.1.86.54 (107.1.86.54)
                              NextHop: 0.0.0.0 (0.0.0.0)
                              InputInt: 2
                              OutputInt: 0
                              Packets: 2
                              Octets: 96
                              [Duration: 4.000000000 seconds]
                              SrcPort: 80
                              DstPort: 52737
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 116.49.235.100/32)
                              DstMask: 0 (prefix: 107.1.86.54/32)
                              padding
                          pdu 12/13
                              SrcAddr: 72.52.7.58 (72.52.7.58)
                              DstAddr: 107.1.86.138 (107.1.86.138)
                              NextHop: 107.1.85.65 (107.1.85.65)
                              InputInt: 2
                              OutputInt: 2
                              Packets: 51
                              Octets: 2040
                              [Duration: 0.008000000 seconds]
                              SrcPort: 80
                              DstPort: 18468
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 72.52.7.58/32)
                              DstMask: 0 (prefix: 107.1.86.138/32)
                              padding
                          pdu 13/13
                              SrcAddr: 72.52.7.58 (72.52.7.58)
                              DstAddr: 107.1.86.138 (107.1.86.138)
                              NextHop: 107.1.85.65 (107.1.85.65)
                              InputInt: 2
                              OutputInt: 2
                              Packets: 51
                              Octets: 2040
                              [Duration: 0.008000000 seconds]
                              SrcPort: 80
                              DstPort: 18468
                              padding
                              TCP Flags: 0x12
                              Protocol: 6
                              IP ToS: 0x20
                              SrcAS: 0
                              DstAS: 0
                              SrcMask: 0 (prefix: 72.52.7.58/32)
                              DstMask: 0 (prefix: 107.1.86.138/32)
                              padding

                      0000  70 5a b6 b0 57 9f f8 66 f2 35 13 81 08 00 45 00   pZ..W..f.5....E.
                      0010  02 a4 8a 2d 00 00 ff 11 ad d1 6b 01 55 42 6b 01   ...-......k.UBk.
                      0020  56 05 f3 22 08 07 02 90 0b 9a 00 05 00 0d 24 18   V.."..........$.
                      0030  ed 3c 4f 28 25 4f 2d f9 ad ca 00 03 af 83 00 00   .<O(%O-.........
                      0040  00 00 c1 d0 03 9b 6b 01 56 53 00 00 00 00 00 02   ......k.VS......
                      0050  00 00 00 00 00 04 00 00 00 c0 24 18 6a 14 24 18   ..........$.j.$.
                      0060  85 54 07 38 01 bd 00 02 06 20 00 00 00 00 00 00   .T.8..... ......
                      0070  00 00 d8 5d b8 88 6b 01 56 4d 00 00 00 00 00 02   ...]..k.VM......
                      0080  00 00 00 00 00 02 00 00 00 50 24 18 74 dc 24 18   .........P$.t.$.
                      0090  84 7c 00 35 04 00 00 12 06 20 00 00 00 00 00 00   .|.5..... ......
                      00a0  00 00 c3 f9 15 ee 6b 01 56 49 00 00 00 00 00 02   ......k.VI......
                      00b0  00 00 00 00 00 04 00 00 00 c0 24 18 6e b0 24 18   ..........$.n.$.
                      00c0  8a 08 05 a5 01 bd 00 02 06 20 00 00 00 00 00 00   ......... ......
                      00d0  00 00 5d 5b ed 59 6b 01 56 72 00 00 00 00 00 02   ..][.Yk.Vr......
                      00e0  00 00 00 00 00 04 00 00 00 c0 24 18 6e e8 24 18   ..........$.n.$.
                      00f0  8a 0c 0e aa 01 bd 00 02 06 20 00 00 00 00 00 00   ......... ......
                      0100  00 00 5f 1c c9 87 6b 01 56 59 00 00 00 00 00 02   .._...k.VY......
                      0110  00 00 00 00 00 04 00 00 00 c0 24 18 70 44 24 18   ..........$.pD$.
                      0120  8b 68 2b c9 01 bd 00 02 06 20 00 00 00 00 00 00   .h+...... ......
                      0130  00 00 c8 bb 97 a3 6b 01 56 47 00 00 00 00 00 02   ......k.VG......
                      0140  00 00 00 00 00 04 00 00 00 c0 24 18 73 7c 24 18   ..........$.s|$.
                      0150  8f 04 08 08 01 bd 00 02 06 20 00 00 00 00 00 00   ......... ......
                      0160  00 00 d8 5d b8 88 6b 01 56 70 00 00 00 00 00 02   ...]..k.Vp......
                      0170  00 00 00 00 00 02 00 00 00 50 24 18 8b c8 24 18   .........P$...$.
                      0180  9b 68 00 35 0c 00 00 12 06 20 00 00 00 00 00 00   .h.5..... ......
                      0190  00 00 79 0e 45 f9 6b 01 56 6c 00 00 00 00 00 02   ..y.E.k.Vl......
                      01a0  00 00 00 00 00 02 00 00 00 50 24 18 8c 4c 24 18   .........P$..L$.
                      01b0  9b ec 00 50 40 55 00 12 06 20 00 00 00 00 00 00   ...P@U... ......
                      01c0  00 00 40 13 22 e3 6b 01 56 23 00 00 00 00 00 02   ..@.".k.V#......
                      01d0  00 00 00 00 00 04 00 00 00 c0 24 18 84 f4 24 18   ..........$...$.
                      01e0  9f bc 99 82 01 bd 00 02 06 20 00 00 00 00 00 00   ......... ......
                      01f0  00 00 c9 1d 5f e7 6b 01 56 1a 00 00 00 00 00 02   ...._.k.V.......
                      0200  00 00 00 00 00 04 00 00 00 c0 24 18 8a 8c 24 18   ..........$...$.
                      0210  a5 f0 0a d5 01 bd 00 02 06 20 00 00 00 00 00 00   ......... ......
                      0220  00 00 74 31 eb 64 6b 01 56 36 00 00 00 00 00 02   ..t1.dk.V6......
                      0230  00 00 00 00 00 02 00 00 00 60 24 18 9a b0 24 18   .........`$...$.
                      0240  aa 50 00 50 ce 01 00 12 06 20 00 00 00 00 00 00   .P.P..... ......
                      0250  00 00 48 34 07 3a 6b 01 56 8a 6b 01 55 41 00 02   ..H4.:k.V.k.UA..
                      0260  00 02 00 00 00 33 00 00 07 f8 24 18 ab 48 24 18   .....3....$..H$.
                      0270  ab 50 00 50 48 24 00 12 06 20 00 00 00 00 00 00   .P.PH$... ......
                      0280  00 00 48 34 07 3a 6b 01 56 8a 6b 01 55 41 00 02   ..H4.:k.V.k.UA..
                      0290  00 02 00 00 00 33 00 00 07 f8 24 18 ab 48 24 18   .....3....$..H$.
                      02a0  ab 50 00 50 48 24 00 12 06 20 00 00 00 00 00 00   .P.PH$... ......
                      02b0  00 08                                             ..